Topic: Now that Eset is gone from the UAV... (Read 283 times)

Reach out to Panda. Great PUP detection, usually great malware detection rate too. Panda by itself is worthless once it encounters an unknown file, though, but that's why you would want to use it as one of the databases in SAP.

You could also reach out to Immunet, which I found out a while ago is NOT the same database as Clam, even though they're both owned by the same company.

You also could reach out to Ad-aware, Vipre, Trend Micro or even Reason Security, which primarily focuses on PUPs and bloatware but keeps actively distributed malware signatures in their database too.

Side note, you may want to label AVG as "AVG/Avast". The inner workings of those two programs are pretty much identical now and, as far as I'm aware, they have the same database too.

Think Immunet is similar to APEX / it is not a signature-based scanner. So not sure it works in this context.

I don't think more Universal AV engines would make a whole lot of sense. It increases licensing costs, there are diminishing marginal returns and it increases false positives. Universal AV to me is just a backup to the existing whitelisting approach.

I have the following enabled:

1 - Avira - consistently good performance
2 - ClamWin - Cisco owned, hopefully that has given them more resourcing. Think it has always had bias against them because it is free but they must have a huge network for data collection because of its install base
3 - Emsisoft - I recollect they were quite good / were a bit more aggressive at picking up adware / PUPs
4 - F-Secure - not sure if this includes the KAV engine / definitions but I have this on regardless as I recall their in-house engines were quite good
5 - McAfee - Intel owned and hopefully they have been improving
6 - Sophos - Quite strong in their own right

I have disabled the following:

1 - AVG - whole host of false positives based on their Win32/Heri generic definition. Given they own Avira now, I would just have 1 or the other running
2 - F-Prot - not sure Cyren has done a whole heap since they bought it. Its main advantage was that it was light and cheap, esp for Linux servers. I suspect it's included because they do provide their SDK / push on the OEM side but also it's quite cheap to license. On balance, don't think it's needed
3 - IKARUS - I never had a good impression of them. Really just a personal view and actually quite baseless. I have noticed that I get some false positives when I had it on
4 - Microsoft Security Essentials - based on the old engine and I have Windows Defender running anyway